Spam and Phishing
For Students, Faculty, Staff, Guests, Alumni
Fordham University will never ask you to provide personally identifiable information (PII), such as your Fordham ID number (FIDN), via email. As a rule, do not send any PII through email. If you receive such a request via email, contact the IT Service Desk.
Spam is irrelevant or inappropriate messaging sent online to a large number of recipients. It can be sent via email, over text, in messaging apps, and other types of electronic media.
Phishing is an attempt to obtain sensitive information by disguising it as a trustworthy website, person, or company. Requests for personal information such as phone number, account ID, PIN, Social Security number, passwords, etc. are examples of information attackers in a phishing campaign might seek. Always think twice before providing sensitive information online.
If something feels fishy, it's probably a phish.
Attackers may compromise legitimate email accounts belonging to people you know or to @fordham.edu addresses by sending phishing email from these accounts.
Fordham Gmail is scanned for suspicious content. For more information, see our pages on spam filters and Targeted Attack Protection (TAP) for faculty and staff, which analyzes and blocks in real-time malicious URLs and attachments.
Phishing Reporter Add-on for Fordham Gmail Report potential phishing and malicious emails with one click from your Fordham Gmail safely and in real-time with the Cofense Reporter Gmail add-on.
Identify fraudulent emails
If you are unsure of a link in an email, mouse over--but don't click--on the link. A small pop-up window will appear that shows the actual URL that the link connects to. If the URL doesn't match, or the URL is not from a domain or company you are familiar with, then there is a good chance that this it is a fraudulent email and the site is not legitimate.
Most URLs for organizations and companies use URLs that begin with https://. The "S" stands for secure; http:// is not a secure connection.
If the email is from Fordham, it
- Will come from a Fordham.edu email account
- Will not contain a generic greeting, for example, "EDU Webmail Users," or have no greeting at all
- Will not request that you respond to a non-Fordham email address
- Should be signed by a Fordham employee or department.
Forward any suspicious email to IT Service Desk.
For more information about phishing and spam, including current known activity at Fordham, subscribe to the Fordham SecureIT blog.
Our online information security awareness training for employees covers phishing and other threats. This training will deepen your understanding of phishing and broaden your general security awareness knowledge. To access the course, log in to the Terranova app from the My Apps tab in the fordham.edu portal.